Paypal phishing w/o hosted HTML files

It is the first time I can see a phishing that doesn’t have a website to store the website !

This email came as a self sustained phishing solution.

It is written in HTML and JS and it has a FORM whos action is POST to a website which saves the data.

The submit button goes to http://www.webformdesigner.net/wfd_f2.php?id=QjfYrttfx8.

The website is not randomly chosen 😉

Web Form Designer is a legitimate company that produces such emails …

Have a look here:  http://www.webformdesigner.net/

The mail doesn’t have anything special in it. It asks for the usual stuff : CC number, PIN (never asked by a legitimate company or webshop) , etc.

Related Posts

Un nou atac phishing asupra clientilor Raiffeisen

So, a new attack against Raiffeisen clients in Romania. I made the analysis. Here is the link: http://www.avira.ro/ro/stiri_securitate/un_nou_atac_phishing_asupra_clientilor_raiffeisen.html

“There’s a new personal notification message special for ” – a scam for “Linked In”

“There’s a new personal notification message special for Sorin Mustaca” is the subject of the email pretending to come from “Automation LinkedInNotifier”. But then, why is it coming from “gci@grey.si” ? Come on spammers, you disappoint me 🙂 Anybody can see it is a fake… And “Linked In” ? Not even this is right…   […]

Spam description with my name in it

John Graham Cumming is maintaining his Spammer’s Compendium and he is giving names to spam techniques. I reported some time ago one technique used in PayPal phishing emails and he created a method: Cross your fingers and click (UH!Mustaca!HTML) What: Making what looks like a valid link to PayPal turn into a link to a […]